Recipient Verification

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Recipient Verification

Software Info

 

 

Hi All

I am having a problem with bad email address listings so I am trying to implement the recipient address verification. Below are the relevant settings in my main.cf file. I notice though that although there are no errors in my log file, I can't find a verify_cache.db file anywhere. How do I know if recipient verification is working?

 

I am using postfix-3.5.8,1 on FreeBSD 12.2

 

address_verify_map = lmdb:$data_directory/verify_cache

address_verify_negative_expire_time = 30s

address_verify_negative_refresh_time = 30s

address_verify_positive_expire_time = 12h

address_verify_positive_refresh_time = 6h

 

smtpd_recipient_restrictions =

   reject_non_fqdn_recipient,

   reject_unknown_recipient_domain,

   check_client_access hash:/usr/local/etc/postfix/internal_networks,

   check_sender_access hash:/usr/local/etc/postfix/not_our_domain_as_sender,

   permit_mynetworks,

   reject_unauth_destination,

   reject_unknown_client_hostname,

   reject_unknown_reverse_client_hostname,

   reject_unverified_recipient,

   permit

 

My Data Directory from postconf -d is /var/db/postfix

 

Any help would be appreciated.

Reply | Threaded
Open this post in threaded view
|

Re: Recipient Verification

Wietse Venema
1) Please don't send HTML-only messages to a mailing list.

2) "postconf -d" is the wrong command to examine Postfix settings.
Use "postconf -n" instead.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Recipient Verification

Software Info
Oh my apologies, I didn't realize. I ran that and got the same data
directory which is /var/db/postfix. Stumped as to why I am not seeing
the verify_cache.db file. Shouldn't I be?

On Thu, Nov 26, 2020 at 6:14 PM Wietse Venema <[hidden email]> wrote:
>
> 1) Please don't send HTML-only messages to a mailing list.
>
> 2) "postconf -d" is the wrong command to examine Postfix settings.
> Use "postconf -n" instead.
>
>         Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Recipient Verification

biggsy
Friday, November 27, 2020, 2:59:42 PM, Software Info  wrote:

> Oh my apologies, I didn't realize. I ran that and got the same data
> directory which is /var/db/postfix. Stumped as to why I am not seeing
> the verify_cache.db file. Shouldn't I be?


Did you install a pkg or compile postfix with LMDB support yourself?  
I could well be wrong but I don't think LMDB support is compiled into
any of the available pkgs.

I'm running postfix-sasl-3.5.8,1 on FreeBSD 12.1-RELEASE-p6 and
I do have a /var/db/postfix/verify_cache.db
Only address_verify_* in my main.cf is for address_verify_negative_expire_time

Phil

Reply | Threaded
Open this post in threaded view
|

Re: Recipient Verification

Wietse Venema
In reply to this post by Software Info
Software Info:
> Oh my apologies, I didn't realize. I ran that and got the same data
> directory which is /var/db/postfix. Stumped as to why I am not seeing
> the verify_cache.db file. Shouldn't I be?

ONLY if you send mail in a waty thath triggers the
reject_unverfified_recipient feature.

1) Send mail over SMTP instead of using /usr/sbin/sendmail.

2) Send mail from an IP address that does not trigger any of the
   features before reject_unverified_recipient. For example

    smtpd_recipient_restrictions =
        ...
        permit_mynetworks
        ...
        reject_unverified_recipient
        ...

   This will trigger reject_unverified_recipient ONLY if the client
   is outside "mynetworks".

So you may want to move that reject_unverified_recipient thing,
or test with a different SMTP client IP address, or use the
Postfix XCLIENT feature to simulate a remote client.
http://www.postfix.org/postconf.5.html#smtpd_authorized_xclient_hosts

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Recipient Verification

Software Info
THanks so much for that tip. It works now. I moved it to above
permit_mynetworks and I can now see the db file. Thanks again.

On Fri, Nov 27, 2020 at 11:29 AM Wietse Venema <[hidden email]> wrote:

>
> Software Info:
> > Oh my apologies, I didn't realize. I ran that and got the same data
> > directory which is /var/db/postfix. Stumped as to why I am not seeing
> > the verify_cache.db file. Shouldn't I be?
>
> ONLY if you send mail in a waty thath triggers the
> reject_unverfified_recipient feature.
>
> 1) Send mail over SMTP instead of using /usr/sbin/sendmail.
>
> 2) Send mail from an IP address that does not trigger any of the
>    features before reject_unverified_recipient. For example
>
>     smtpd_recipient_restrictions =
>         ...
>         permit_mynetworks
>         ...
>         reject_unverified_recipient
>         ...
>
>    This will trigger reject_unverified_recipient ONLY if the client
>    is outside "mynetworks".
>
> So you may want to move that reject_unverified_recipient thing,
> or test with a different SMTP client IP address, or use the
> Postfix XCLIENT feature to simulate a remote client.
> http://www.postfix.org/postconf.5.html#smtpd_authorized_xclient_hosts
>
>         Wietse